Описание
The upgrade functionality in Malwarebytes Anti-Malware (MBAM) consumer before 2.0.3 and Malwarebytes Anti-Exploit (MBAE) consumer 1.04.1.1012 and earlier allow man-in-the-middle attackers to execute arbitrary code by spoofing the update server and uploading an executable.
Ссылки
- Exploit
- Exploit
Уязвимые конфигурации
Конфигурация 1Версия до 1.04.1.1012 (включая)
cpe:2.3:a:malwarebytes:malwarebytes_anti-exploit:*:*:*:*:consumer:*:*:*
Конфигурация 2Версия до 2.02 (включая)
cpe:2.3:a:malwarebytes:malwarebytes_anti-malware:*:*:*:*:consumer:*:*:*
EPSS
Процентиль: 95%
0.18948
Средний
9.3 Critical
CVSS2
Дефекты
CWE-345
Связанные уязвимости
github
больше 3 лет назад
The upgrade functionality in Malwarebytes Anti-Malware (MBAM) consumer before 2.0.3 and Malwarebytes Anti-Exploit (MBAE) consumer 1.04.1.1012 and earlier allow man-in-the-middle attackers to execute arbitrary code by spoofing the update server and uploading an executable.
EPSS
Процентиль: 95%
0.18948
Средний
9.3 Critical
CVSS2
Дефекты
CWE-345